IS404 Access Control, Authentication and Public Key Infrastructure (PKI) [Onsite]
Course Description: This course introduces the concept of access control to information systems and applications. Access, authentication and accounting for end-users and system administrators will be covered. In addition, security controls for access control including tokens, biometrics, and use of public key infrastructures (PKI) will be covered. Prerequisite(s) and/or Corequisite(s): Prerequisites: IT260 Networking Application Services and Security or equivalent Credit hours: 4 Contact hours: 50 (30 Theory Hours, 20 Lab Hours)
Access Control, Authentication and Public Key Infrastructure (PKI)
Syllabu
Where Does This Course Belong?
This course is required for the Bachelor of Science in Information Systems Security program. This program covers the following core areas:
Foundational Courses
Technical Courses
BSISS Project
The following diagram demonstrates how this course fits in the program:
IS427 Information Systems Security
400 Level
Capstone Project
IS421
IS418 IS404
IS411
IS415
IS416
Access Control, Authentication & KPI
Security Policies & Implementation Issues
System Forensics Investigation & Response
Securing Windows Platforms & Applications
Securing Linux Platforms & Applications
IS423
Legal & Security Issues
Securing Windows Platforms & Applications
300 Level
IS305 Managing Risk in Information Systems
IS308
IS316
IS317
Security Strategies for Web Applications & Social Networking
Fundamentals of Network Security Firewalls & VPNs
Hacker Techniques Tools & Incident Handling
EC311 Introduction to Project Management IT250 Linux operating System
ment
CNS Program Prerequisites:
©ITT Educational Services, Inc.
Date: 10/26/2010
Access Control, Authentication and Public Key Infrastructure (PKI)
Syllabu
300 Level
IT320
IT302
WAN Technology & Application
Linux System Administration
200 Level
IT260
IT255
Networking Application
Introduction to Information Systems Security
IT220
IT221
IT250
Network Standards & Protocols
Microsoft Network Operating System I
Linux Operating System
Services & Security
100 Level TB143 Introduction to Personal Computers
ISS Foundational
ISS Technical
ISS Capstone
Technical Basic
Courses
Courses
Project
Courses
©ITT Educational Services, Inc.
CNS Prerequisites
Date: 10/26/2010
Access Control, Authentication and Public Key Infrastructure (PKI)
Syllabu
Course Summary Major Instructional Areas 1. Access control policy framework 2. Risk mitigation with sound access controls 3. Information technology (IT) infrastructure access control requirements and implementation 4. PKI and encryption 5. Security controls in an IT infrastructure 6. Authentication solutions
Course Objectives 1. Define authorization and access to an IT infrastructure based on an access control policy framework. 2. Mitigate risk to an IT infrastructure’s confidentiality, integrity, and availability with sound access controls. 3. Analyze how a data classification standard impacts an IT infrastructure’s access control requirements and implementation. 4. Develop an access control policy framework consisting of best practices for policies, standards, procedures, and guidelines to mitigate unauthorized access. 5. Define proper security controls within the User Domain to mitigate risks and threats caused by human behavior. 6. Implement appropriate access controls for information systems within IT infrastructures. 7. Design appropriate authentication solutions throughout an IT infrastructure based on user types and data classification standards. 8. Implement a secure remote access solution. 9. Implement PKI and encryption solutions to ensure the confidentiality of business communications.
©ITT Educational Services, Inc.
Date: 10/26/2010
Access Control, Authentication and Public Key Infrastructure (PKI)
Syllabu
10. Mitigate risk from unauthorized access to IT systems through proper testing and reporting.
SCANS Objectives SCANS is an acronym for Secretary’s Commission on Achieving Necessary Skills. The committee, appointed by the National Secretary of Labor in 1990, created a list of skills and competencies that continue to be a valuable resource for individuals developing their careers in a high-tech job market. For more information on the SCANS objectives, visit The U.S. Department of Labor Employment and Training Administration: www.doleta.gov.
Learning Materials and References
Required Resources
Textbook Package
New to this Course
Ballad, Bill, Tricia Ballad, and Erin Banks. Access Control, Authentication, and Public Key Infrastructure. 1st ed. Sudbury, MA: Jones & Bartlett, 2011.
Printed IS404 Student Lab Manual
ISS Mock IT Infrastructure (1) – Cisco Core Backbone Network consisting of Cisco 2811 routers, 2950/2960 catalyst switches, ASA 5505s for classroom hands-on labs that require a live, IP network. (For onsite only)
Carried over from Previous Course(s)
Required for Subsequent Course(s)
ISS Mock IT Infrastructure (2) – VM Server Farm (2
©ITT Educational Services, Inc.
Date: 10/26/2010
Access Control, Authentication and Public Key Infrastructure (PKI)
Textbook Package
Microsoft Windows Servers and 2 Ubuntu Linux Servers) for classroom hands-on VM labs. (For both onsite and online)
ISS Mock IT Infrastructure (2) – VM Workstation (Microsoft Windows XP2003 Professional Workstation with Core ISS Apps and Tools) for classroom hands-on VM labs. (For both onsite and online)
Companion DVD-IS404 (3) - Additional VMs, Apps, Tools needed for the Student VM workstation to perform the labs for this course. (For both onsite and online)
©ITT Educational Services, Inc.
New to this Course
Syllabu Carried over from Previous Course(s)
Required for Subsequent Course(s)
Date: 10/26/2010
Access Control, Authentication and Public Key Infrastructure (PKI)
Syllabu
ISS Mock IT Infrastructure The ISS Mock IT infrastructure was designed to mimic a real-world IT infrastructure consisting of the seven domains of a typical IT infrastructure.
Figure 1 – Seven Domains of Information Systems Security Responsibility
The ISS Mock IT infrastructure consists of the following three major components:
Cisco Core Backbone Network
VM Server Farm
VM Instructor and Student Workstations
At the core of the ISS Mock IT infrastructure is a Cisco core backbone network using the CNS curriculum equipment (Cisco 2811/2801 routers, ASA5505s, and Catalyst 2950/2960 switches). The use of the Cisco core backbone network for both CNS and ISS provides a real-world, representation of a typical IT infrastructure. This also requires proper preparation and loading of IOS image files and configuration files into/from the Cisco router and a TFTP server.
©ITT Educational Services, Inc.
Date: 10/26/2010
Access Control, Authentication and Public Key Infrastructure (PKI)
Syllabu
Some ISS courses and labs require the use of the Cisco core backbone network when an IP network infrastructure is needed as part of the hands-on lab activity. This will be indicated in the “Required Setup & Tools” section of each laboratory within each ISS course lab manual.
Onsite students will perform hands-on labs using this Cisco core backbone network and the VM server farm and VM workstations.
Online students will watch video only labs when the Cisco core backbone network is used and will perform hands-on labs using the VM server farm and VM workstations.
Figure 2 – ISS Mock IT Infrastructure
The second component is the virtualized server farm. This virtualized (VM) server farm (“A”) consists of Microsoft Windows and Ubuntu Linux servers running native, as well as, open source and freeware applications and services. The purpose of the VM server farm is to mimic production services and applications where the Instructor has full control over the implementation of the VM server farm based on what the lab requires. Future ISS courses will have new VMs containing pertinent applications and tools.
©ITT Educational Services, Inc.
Date: 10/26/2010
Access Control, Authentication and Public Key Infrastructure (PKI)
Syllabu
Note that the VM Server farm can connect to either ASA_Instructor (172.30.0.0/24) or ASA_Student (172.31.0.0/24) as long as the DHCP host range and IP default gateway router definitions are set properly. See figure 3 below.
The third component is the Instructor (“B”) VM workstation and Student VM workstations (“C”) with client applications and tools pre-installed. See figure 3 below.
©ITT Educational Services, Inc.
Date: 10/26/2010
Access Control, Authentication and Public Key Infrastructure (PKI)
Syllabu
The following notes are implementation recommendations:
Install the VM server farm (“A”) and VM workstations (“B” and “C”) on either ASA_Instructor or ASA_Student as long as you specify the correct IP network lease address pool on the DHCP server and specify the correct IP default gateway router definition
The DHCP server, “WindowsDHCP01” is already pre-configured to support the 172.30.0.0, 255.255.255.0 / ASA_Instructor subnet with an IP default gateway router of 172.30.0.1, 255.255.255.0
Install the VM server farm on a dedicated classroom workstation with 2 Gig RAM (required) / 4 Gig RAM (recommended)
External Hard Drive Virtual Machines Virtual Server Domain Controller DHCPWindows01 172.30.0.10/24 DFG: 172.30.0.1 18.2 GB10k
ULTRA3 SCSI
18.2 GB10k
ULTRA3 SCSI
18.2 GB10k
ULTRA3 SCSI
18.2 GB10k
ULTRA3 SCSI
18.2 GB10k
ULTRA3 SCSI
18.2 GB10k
ULTRA3 SCSI
OS:W2k3 STD 32bit 1 CPU 512 MB RAM OS=20G + Active Directory DNS,IIS DHCP: SCOPE: 172.30.0.55-199
Virtual Server Standalone Server TargetWindows01 DHCP DFG: 172.30.0.1 18.2 GB10k
ULTRA3 SCSI
18.2 GB10k
ULTRA3 SCSI
18.2 GB10k
ULTRA3 SCSI
18.2 GB10k
ULTRA3 SCSI
18.2 GB10k
ULTRA3 SCSI
18.2 GB10k
ULTRA3 SCSI
OS:W2k3 STD 32bit 1 CPU 512 MB RAM OS=20G FTP TFTP POP3 IIS Application Svcs
Virtual Server Standalone Server TargetUBUNTU01 DHCP DFG: 172.30.0.1 18.2 GB10k
ULTRA3 SCSI
18.2 GB10k
ULTRA3 SCSI
18.2 GB10k
ULTRA3 SCSI
18.2 GB10k
ULTRA3 SCSI
18.2 GB10k
ULTRA3 SCSI
18.2 GB10k
ULTRA3 SCSI
OS: Ubuntu 10.04 LTS 1 CPU 512 MB RAM OS=10G + IPTables DVWA Apache SSH
Virtual Server Standalone Server TargetUBUNTU02 DHCP DFG: 172.30.0.1 18.2 GB10k
ULTRA3 SCSI
18.2 GB10k
ULTRA3 SCSI
18.2 GB10k
ULTRA3 SCSI
18.2 GB10k
ULTRA3 SCSI
Virtual Workstationr Workstation STUDENT DHCP
Virtual Workstationr Workstation INSTRUCTOR DHCP
OS: WindowsXP Professional 1 CPU 512 MB RAM OS=10G + Wireshark Netwitness NMAP Nessus
OS: WindowsXP Professional 1 CPU 512 MB RAM OS=10G + Wireshark Netwitness NMAP Nessus
18.2 GB10k
ULTRA3 SCSI
18.2 GB10k
ULTRA3 SCSI
OS: Ubuntu 9.10 1 CPU 512 MB RAM OS=10G + GUFW Client Tools
Figure 3 – VM Server Farm and VM Workstations
To support the delivery of the ISS curriculum, use of ITT Technical Institute’s Microsoft software licenses are used where needed for Microsoft server and workstation VMs. The VM server farm is physically housed on a USB hard drive allowing for physical installation to a dedicated VM server farm workstation.
©ITT Educational Services, Inc.
Date: 10/26/2010
Access Control, Authentication and Public Key Infrastructure (PKI)
Syllabu
All student workstations must be physically isolated from the rest of the classroom workstations given that some ISS courses and hands-on labs require disconnection from the ITT internal network. ISS hands-on labs require the Instructor or Student to install their hard drive into a physical workstation in the classroom. VMware Player v3.x is used to enable the VM servers and/or VM workstations. Use of a DHCP server provides all IP host addresses to the VM workstations. Ideally, the VM server farm workstation should have 4 Gig of RAM in order to load and run more than 2 VM servers. The Instructor and Student VM workstations can have 2 Gig RAM to load to VM workstation with applications and tools. The VM server farm should be connected to the layer 2 switch along with the Instructor VM and Student VM workstations. From here you can run an RJ45-RJ45 trunk cable connecting the layer 2 switch to ASA_Instructor (this is the default configuration using 172.30.0.0/24). This way the VM server farm and DHCP server can be accessed by either the Instructor or Student VM workstations. Figure 4 below shows a high-level diagram of the ISS “Mock” IT Infrastructure representing both the network and server elements. Do not connect the ISS “Mock” IT infrastructure to the internal ITT Technical Institute network or public Internet. Special partitioning and separation of those classroom workstations (on its own layer 2 classroom switch) used for ISS hands-on labs is required given the intrusive applications and tools used by ISS hands-on labs. This will facilitate easy connection/disconnection to the ITT internal network. The default DHCP setting are: 172.30.0.0/24 (IP Network Number with 255.255.255.0 Subnet Mask) 172.30.0.1 /25 (IP Default Gateway Router) 172.30.0.55 – 172.30.0.199 (DHCP Address Lease Pool)
©ITT Educational Services, Inc.
Date: 10/26/2010
Access Control, Authentication and Public Key Infrastructure (PKI)
Syllabu
Figure 4 - Mock IT Infrastructure High-level Diagram
The latest version of the ISS Mock IT Infrastructure Installation & Setup Guide (in PDF format) can be found in two different locations: (ISS Mock IT Infrastructure_v 3 7_101006_dk final.pdf)
The www.jblearning.com\ITT instructor portal: The ISS Mock IT Infrastructure Installation and Setup Guide can be found in each course’s \Labs sub-folder as follows: \ISxxx\Labs\Mock IT Infrastructure\..., where xxx=ISS Course Number
The ITT Faculty Portal: The Mock IT Infrastructure Installation and Setup Guide and can be found here: \ITT Faculty Portal\IT Shared Documents\ISS\Mock Infrastructure Setup v3.7\...
©ITT Educational Services, Inc.
Date: 10/26/2010
Access Control, Authentication and Public Key Infrastructure (PKI)
Syllabu
Note #1: The ITT Onsite or Online Instructor will provide students with the specific instructions and procedures for how to obtain the core ISS VM server farm and workstation image files during the first week of class.
(1) The following lists the new VMs, applications, and tools required to perform the hands-on labs for this course for both onsite and online deliveries:
1. New VM for server farm: “VulnerableXP01”. This VM is a vulnerable Windows 2003 Server VM and is used as a target device.
2. New VM for server farm: “Backtrack01”. A Backtrack 4 Ubuntu Server pre-loaded with the following applications and tools:
a. Metasploit with required plug-ins b. Kismet c.
Aircrack-ng
d. Airsnort e. Snort f.
MySQL
g. BASE
3. New VM that Replaces the Old “TargetUbuntu01” VM on the VM server farm. An Ubuntu Server 10.4 VM pre-loaded with the following applications and tools:
a. Damn Vulnerable Web App (DVWA) b. ClamAV Installed c.
Rootkit Hunter: http://www.rootkit.nl/projects/rootkit_hunter.html
d. Chrootkit: http://www.chkrootkit.org/ e. Appropriate rootkit tools can be found at: http://www.packetstormsecurity.org/UNIX/penetration/rootkits/indexdate.html f.
Infected with EICAR
©ITT Educational Services, Inc.
Date: 10/26/2010
Access Control, Authentication and Public Key Infrastructure (PKI)
Syllabu
g. tcpdump h. Common Linux tools such as strings, sed and grep
©ITT Educational Services, Inc.
Date: 10/26/2010
Access Control, Authentication and Public Key Infrastructure (PKI)
Syllabu
4. Tools Directory: A directory called "tools" which contains the binary installation files for each tool covered in the course, including:
a. Infected with EICAR b. ClamAV Installed c.
Rootkit Hunter: http://www.rootkit.nl/projects/rootkit_hunter.html
d. Chrootkit: http://www.chkrootkit.org/ e. Appropriate rootkit tools can be found at: http://www.packetstormsecurity.org/UNIX/penetration/rootkits/indexdate.html f.
Wireshark
g. Netwitness Investigator h. FileZilla FTP client/Server i.
Putty SSH client
j.
Nessus
k.
Zenmap
l.
MD5sum
m. SHA1sum n. GnuPG (Gnu Privacy Guard) o. OpenSSL p. VMware Player
Note #2: Installation instructions for installing these new VMs, applications and tools will be provided by the ISS onsite or online Instructor during day 1/ week 1 of the course.
©ITT Educational Services, Inc.
Date: 10/26/2010
Access Control, Authentication and Public Key Infrastructure (PKI)
Syllabu
Recommended Resources Books, Professional Journals Please use the following author’s names, book/article titles and/or keywords to search in the ITT Tech Virtual Library for supplementary information to augment your learning in this subject:
Books Books24X7 Periodicals EbscoHost ProQuest
“Brocade; Survey Results Demonstrate Need for Integrated Approach to Network Security; Point Products Fall Short”, Network Business Weekly, Apr 5, 2010.
Bruce J. Fried, et al Human Resources in Healthcare: Managing for Success, 2nd ed. (Chapter 4)
“Certified Ethical Hacker is Big News for Local Small Business: The Academy of Computer Education”, Business Wire, Dec 22, 2008.
Craig S. Wright The IT Regulatory and Standards Compliance Handbook: How to Survive Information Systems Audit and Assessments (Chapter 3)
Dobromir Todorov
©ITT Educational Services, Inc.
Date: 10/26/2010
Access Control, Authentication and Public Key Infrastructure (PKI)
Syllabu
Mechanics of User Identification and Authentication: Fundamentals of Identity Management (Chapter 1, 2 and 3)
“e-DMZ Security Selected as 2010 SC Magazine Best Regulatory Compliance Solution”, Business Wire, Mar 8, 2010.
Eric Cole, et al Network Security Bible (Chapter 5)
Harold F. Tipton, et al Information Security Management Handbook, 6th ed. (Chapters 19, 30, 87 and 106)
Harold F. Tipton, et al Official (ISC)2 Guide to the CISSP CBK (Domains 1 and 2)
Jay Kelley, et al Network Access Control for Dummies (Chapter 15)
Jeremy Moskowitz Group Policy: Management, Troubleshooting, and Security: For Windows Vista, Windows 2003, Windows XP, and Windows 2000 (Chapter 1)
John R. Vacca Public Key Infrastructure: Building Trusted Applications and Web Services (Chapter 1)
©ITT Educational Services, Inc.
Date: 10/26/2010
Access Control, Authentication and Public Key Infrastructure (PKI)
Syllabu
Joseph Steinberg, et al SSL VPN: Understanding, Evaluating, and Planning Secure, Web-Based Remote Access
M.E. Kabay “Extensive Catalog Provides Security Controls for Contemporary Security Requirements”, Network World (Online), Nov 2, 2009.
Michael Coles, et al Expert SQL Server 2008 Encryption (Chapter 1)
Neil Wyler, ed. Juniper Networks Secure Access SSL VPN Configuration Guide (Chapter 9)
“NetworkedPlanet: 50 Percent of Employees Admit to Losing Documents on the Company Network”, M2 Presswire, Apr 12, 2010.
Peter Stephenson “Applying Evolved Policy”, SC Magazine, Oct 2009, Vol. 20 Issue 10, (Page 39)
Poonam Khanna “Two-Factor Authentication is Key to Sound ID Management: Schmidt”, Computing Canada, Jun 17, 2005, Vol. 31 Issue 9, (Page 10)
©ITT Educational Services, Inc.
Date: 10/26/2010
Access Control, Authentication and Public Key Infrastructure (PKI)
Syllabu
Robert E. Larson, et al CCSP: Cisco Certified Security Professional Certification All-in-One Exam Guide (Chapter 4)
“Secure Computing Shares Research Innovations and Best Practices In Email, Web and Domain Authentication; Technologists Discuss Reputation Systems and Authentication Protocols at 2007 Authentication Summit”, PR Newswire, Apr 17, 2007.
Seymour Bosworth, et al Computer Security Handbook, 5th ed. (Chapters 23, 67 and 69)
Steve Manzuik, et al Network Security Assessment: From Vulnerability to Patch (Chapter 2)
Yan Zhang, et al Handbook of Research on Wireless Security (Chapter XLIV)
Professional Associations
International Association of Privacy Professionals (IAPP) This Web site provides opportunity to interact with a community of privacy professionals and to learn from their experiences. This Web site also provides valuable career advice. https://www.privacyassociation.org/ (accessed April 22, 2010)
International Information Systems Security Certification Consortium, Inc., (ISC)²®
©ITT Educational Services, Inc.
Date: 10/26/2010
Access Control, Authentication and Public Key Infrastructure (PKI)
Syllabu
This Web site provides access to current industry information. It also provides opportunities in networking and contains valuable career tools. http://www.isc2.org/ (accessed April 22, 2010)
ISACA This Web site provides access to original research, practical education, career-enhancing certification, industry-leading standards, and best practices. It also provides a network of likeminded colleagues and contains professional resources and technical/managerial publications. http://www.isaca.org/template.cfm?section=home (accessed April 22, 2010)
NOTE: All links are subject to change without prior notice.
©ITT Educational Services, Inc.
Date: 10/26/2010
Access Control, Authentication and Public Key Infrastructure (PKI)
Syllabu
Keywords: Access Control Policy Framework Authentication Solutions Compliance Data Classification Standards Data Classification Policy Encryption Information Systems Security Internet/Web Access Layered Security Control Multi-Factor Authentication Process Network Diagram Penetration Test PKI Remote Access Method Remote Access Solution Remote Workers and Employees Risk Mitigation Security Breach Unauthorized Access User Domain U.S. and State Compliance Laws Vulnerability Scan Report
©ITT Educational Services, Inc.
Date: 10/26/2010
Access Control, Authentication and Public Key Infrastructure (PKI)
Syllabu
Course Plan
Instructional Methods This course is designed to promote learner-centered activities and support the development of cognitive strategies and competencies necessary for effective task performance and critical problem solving. The course utilizes individual and group learning activities, performance-driven assignments, problem-based cases, projects, and discussions. These methods focus on building engaging learning experiences conducive to development of critical knowledge and skills that can be effectively applied in professional contexts.
Suggested Learning Approach In this course, you will be studying individually and within a group of your peers. As you work on the course deliverables, you are encouraged to share ideas with your peers and instructor, work collaboratively on projects and team assignments, raise critical questions, and provide constructive feedback.
Use the following advice to receive maximum learning benefits from your participation in this course:
DO
Do take a proactive learning approach Do share your thoughts on critical issues and potential problem solutions Do plan your course work in advance Do explore a variety of learning resources
DON’T
Don’t assume there is only one correct answer to a question Don’t be afraid to share your perspective on the issues analyzed in the course
in addition to the textbook Do offer relevant examples from your experience Do make an effort to understand different
Don’t be negative towards the points of view that are different from yours Don’t underestimate the impact of
points of view
©ITT Educational Services, Inc.
Date: 10/26/2010
Access Control, Authentication and Public Key Infrastructure (PKI)
DO
Syllabu
DON’T
Do connect concepts explored in this
collaboration on your learning
course to real-life professional situations and your own experiences
Don’t limit your course experience to reading the textbook Don’t postpone your work on the course deliverables – work on small assignment components every day
Course Outline
Graded Activities
Unit #
1
2
Unit Title
Grade Allocation
Assigned Readings Grading Category
Introduction to Access Control, Authentication, and PKI
Risk Mitigation Using Sound Access Controls
Access Control, Authentication, and Public Key Infrastructure: Chapter 1
Access Control, Authentication, and Public Key Infrastructure:
©ITT Educational Services, Inc.
#
Activity Title
(% of all graded work)
Assignment
1.1
Identification, Authentication, and Authorization Techniques
1
Lab
1.2
Assess the Impact on Access Controls for a Regulatory Case Study
2
Assignment
1.3
Impact of U.S. Federal and State Compliance Laws
2
Assignment
2.1
Infrastructure Control Areas Within the Seven Domains
1
Date: 10/26/2010
Access Control, Authentication and Public Key Infrastructure (PKI)
Syllabu
Graded Activities
Unit #
Unit Title
Assigned Readings Grading Category
Chapter 2
3
Grade Allocation
Data Classification
Access Control, Authentication, and Public Key Infrastructure:
#
Developing Access Control Policy Framework
Access Control, Authentication, and Public Key Infrastructure:
2.2
Design Infrastructure Access Controls for a Network Diagram
2
Assignment
2.3
Improving Security Through Layered Security Control
2
Quiz
3.1
Quiz 1
2
Lab
3.2
Identify & Classify Data for Access Control Requirements
2
Assignment
3.3
Implementation of a Data Classification Policy
2
Discussion
4.1
Security Breach Evaluation
5
Lab
4.2
Implement OrganizationalWide Access Controls
2
Assignment
4.3
Implementation of an OrganizationWide Security Plan
2
Quiz
5.1
Quiz 2
2
Chapter 4 Chapter 5
5
Managing Human Resources Risks
Access Control, Authentication, and Public Key Infrastructure:
©ITT Educational Services, Inc.
(% of all graded work)
Lab
Chapter 3
4
Activity Title
Date: 10/26/2010
Access Control, Authentication and Public Key Infrastructure (PKI)
Syllabu
Graded Activities
Unit #
Unit Title
Grade Allocation
Assigned Readings Grading Category
Chapter 6
#
Implementing Infrastructure Controls
Access Control, Authentication, and Public Key Infrastructure: Chapter 8
7
Authentication Methods and Requirements
Access Control, Authentication, and Public Key Infrastructure:
5.2
Enhance Security Controls for Access to Sensitive Data
2
Assignment
5.3
Implementing Comprehensive Human Resources Risk Management Plan
2
Assignment
6.1
Aligning Account Types and Privileges
1
Lab
6.2
Enhance Security Controls for File System Access Controls
2
Assignment
6.3
Managing Microsoft Account and File Systems Access Controls
2
Quiz
7.1
Quiz 3
2
Lab
7.2
Design a Multifactor Authentication Process
2
Assignment
7.3
Implementation of Authentication Process
2
Chapter 10
©ITT Educational Services, Inc.
(% of all graded work)
Lab
Chapter 7
6
Activity Title
Date: 10/26/2010
Access Control, Authentication and Public Key Infrastructure (PKI)
Syllabu
Graded Activities
Unit #
8
Unit Title
Grade Allocation
Assigned Readings Grading Category
Securing Remote Access
Access Control, Authentication, and Public Key Infrastructure: Chapter 11
#
PKI and Encryption
Access Control, Authentication, and Public Key Infrastructure:
8.1
Remote Access Method Evaluation
5
Lab
8.2
Align Appropriate Remote Access Solutions Based on Data Sensitivity
2
Assignment
8.3
Internet/Web Access Management
2
Quiz
9.1
Quiz 4
2
Lab
9.2
Apply Encryption to Mitigate Risk Exposure
2
Assignment
9.3
PKI and Encryption at Work
2
Assignment
10.1
Scope of Work for Penetration Test
1
Lab
10.2
Use Reconnaissance, Probing, & Scanning to Identify Servers and Hosts
2
Assignment
10.3
Developing a Vulnerability Scan Report
2
Exam
11.1
Final Exam
20
Chapter 13
10
Unauthorized Access Risk Mitigation Techniques
Access Control, Authentication, and Public Key Infrastructure: Chapter 14
11
Course Review and
N/A
©ITT Educational Services, Inc.
(% of all graded work)
Discussion
Chapter 12
9
Activity Title
Date: 10/26/2010
Access Control, Authentication and Public Key Infrastructure (PKI)
Syllabu
Graded Activities
Unit #
Unit Title
Grade Allocation
Assigned Readings Grading Category
Final Examination
©ITT Educational Services, Inc.
Project
#
11.2
Activity Title
Access Control Proposal
(% of all graded work)
18
Date: 10/26/2010
Access Control, Authentication and Public Key Infrastructure (PKI)
Syllabu
Evaluation and Grading
Evaluation Criteria The graded assignments will be evaluated using the following weighted categories:
Category
Weight
Discussion
10
Assignment
24
Lab
20
Project
18
Quiz
8
Exam
20
TOTAL
100%
Grade Conversion The final grades will be calculated from the percentages earned in the course, as follows:
Grade
Percentage
Credit
A
90–100%
4.0
B+
85–89%
3.5
B
80–84%
3.0
C+
75–79%
2.5
C
70–74%
2.0
D+
65–69%
1.5
D
60–64%
1.0
©ITT Educational Services, Inc.
Date: 10/26/2010
Access Control, Authentication and Public Key Infrastructure (PKI) F